Welcome to NBlog, the NoticeBored blog

Oct 7, 2007

A press report about Boeing firing an IT auditor for blowing the whistle on alleged mishandling of SOX compliance work by Boeing's IT Department is troubling on a number of levels:

1. If the allegations are true, Boeing may have internal control problems affecting its governance, financial accounting systems and/or reporting.

2. Nothing else matters as much as the truth of point 1.

Instead of firing the auditor, Boeing management should face up to the charge and clarify their position. Control problems that are acknowledged can be fixed. Sweeping things under the carpet, shooting the messenger of bad tidings and intimidating his (former) colleagues is hardly 'facing up'.

Auditors are professionally obliged to act in the best interests of their employers or clients. On rare occasions, this includes blowing the whistle on malpractice or incompetence. If employers/clients can simply dismiss whistleblowers, it is a very brave (and self-confident) auditor who has the nerve to speak out and risk losing his/her job ... so the question comes down to whether we believe in the professional integrity and ethics of the auditor or that of the employer/client. An honest disclosure of the facts of the alleged control issue will surely resolve this one way or the other?


NBlogger is ...

Dr Gary Hinson PhD MBA CISSP has an abiding interest in human factors - the ‘people side’ as opposed to the purely technical aspects of information security. Gary's career stretches back to the mid-1980s as both practitioner and manager in the fields of IT system and network administration, information security and IT auditing. He has worked and consulted in the pharmaceuticals/life sciences, utilities, IT, engineering, defense, financial services and government sectors, for organizations of all sizes. Since 2003, he has been creating security awareness materials for clients (www.NoticeBored.com) and supporting users of the ISO27k standards (www.ISO27001security.com). In conjunction with Krag Brotby, he wrote "PRAGMATIC security metrics" (www.SecurityMetametrics.com). He is a keen radio amateur, often calling but seldom heard by distant stations on the HF bands.